CWE-352
9,359 CVEs • Abstraction: Compound • Likelihood of Exploit: Medium
Cross-Site Request Forgery (CSRF)
The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.
CVEs (9,359)
| Vendors | Products | Updated | Published | CVSS | CVE description |
|---|---|---|---|---|---|
| Siemens | Polarion Subversion Webclient | Jun 17, 2026 | Sep 9, 2020 | v4 N/A · v3 8.1 HIGH · v2 5.8 MEDIUM | A vulnerability has been identified in Polarion Subversion Webclient (All versions). The web interface could allow a Cross-Site Request Forgery (CSRF) attack if an unsuspecting user is tricked into accessing a malicious... |
| Stock Management System Project | Stock Management System | Jun 17, 2026 | Sep 2, 2020 | v4 N/A · v3 7.1 HIGH · v2 5.8 MEDIUM | A Cross-Site Request Forgery (CSRF) vulnerability in changeUsername.php in SourceCodester Stock Management System v1.0 allows remote attackers to deny future logins by changing an authenticated victim's username when the... |
| | | | | | Currently, all versions of MAGMI are vulnerable to CSRF due to the lack of CSRF tokens. RCE (via phpcli command) is possible in the event that a CSRF is leveraged against an existing admin session for MAGMI. |
| | | | | | USVN (aka User-friendly SVN) before 1.0.10 allows CSRF, related to the lack of the SameSite Strict feature. |
| Redlion | N Tron 702 W Firmware, N Tron 702m12 W Firmware | Jun 17, 2026 | Sep 1, 2020 | v4 N/A · v3 8.8 HIGH · v2 9.3 HIGH | The affected product is vulnerable to cross-site request forgery, which may allow an attacker to modify different configurations of a device by luring an authenticated user to click on a crafted link on the N-Tron 702-W... |
| Oswapp | Warehouse Inventory System | Jun 17, 2026 | Sep 1, 2020 | v4 N/A · v3 8.8 HIGH · v2 6.8 MEDIUM | A Cross-Site Request Forgery (CSRF) vulnerability in edit_user.php in OSWAPP Warehouse Inventory System (aka OSWA-INV) through 2020-08-10 allows remote attackers to change the admin's password after an authenticated admi... |
| | | | | | A cross-site request forgery (CSRF) vulnerability in Jenkins database Plugin 1.6 and earlier allows attackers to connect to an attacker-specified database server using attacker-specified credentials. |
| | | | | | A cross-site request forgery (CSRF) vulnerability in Jenkins database Plugin 1.6 and earlier allows attackers to execute arbitrary SQL scripts. |
| | | | | | Hoosk Codeigniter CMS before 1.7.2 is affected by a Cross Site Request Forgery (CSRF). When an attacker induces authenticated admin user to a malicious web page, any accounts can be deleted without admin user's intention... |
| Netgear | Gs716tv2 Firmware, Gs724tv3 Firmware | Jun 17, 2026 | Aug 28, 2020 | v4 N/A · v3 4.3 MEDIUM · v2 4.3 MEDIUM | Cross-site request forgery (CSRF) vulnerability in NETGEAR switching hubs (GS716Tv2 Firmware version 5.4.2.30 and earlier, and GS724Tv3 Firmware version 5.4.2.30 and earlier) allow remote attackers to hijack the authenti... |
| | | | | | In nodebb-plugin-blog-comments before version 0.7.0, a logged in user is vulnerable to an XSS attack which could allow a third party to post on their behalf on the forum. This is due to lack of CSRF validation. |
| F5 | Big Ip Application Security Manager | Jun 17, 2026 | Aug 26, 2020 | v4 N/A · v3 3.1 LOW · v2 3.3 LOW | In versions 15.1.0-15.1.0.4, 15.0.0-15.0.1.3, 14.1.0-14.1.2.6, 13.1.0-13.1.3.4, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.1, BIG-IP ASM Configuration utility CSRF protection token can be reused multiple times. |
| F5 | Big Ip Access Policy Manager, Big Ip Advanced Firewall Manager, Big Ip Advanced Web Application Firewall, +11 more | Jun 17, 2026 | Aug 26, 2020 | v4 N/A · v3 8.8 HIGH · v2 9.3 HIGH | In BIG-IP versions 15.0.0-15.1.0.4, 14.1.0-14.1.2.6, 13.1.0-13.1.3.3, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.2, iControl REST does not implement Cross Site Request Forgery protections for users which make use of Basic Authen... |
| Ibm | Security Guardium Insights | Jun 17, 2026 | Aug 24, 2020 | v4 N/A · v3 4.3 MEDIUM · v2 4.3 MEDIUM | IBM Security Guardium Insights 2.0.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID... |
| | | | | | ** PRODUCT NOT SUPPORTED WHEN ASSIGNED ** A Cross Site Request Forgery (CSRF) vulnerability was found in Codiad v1.7.8 and later. The request to download a plugin from the marketplace is only available to admin users and... |
| | | | | | DBHcms v1.2.0 has no CSRF protection mechanism, as demonstrated by CSRF for index.php?dbhcms_pid=-70 can add a user. |
| | | | | | DBHcms v1.2.0 has no CSRF protection mechanism, as demonstrated by CSRF for an /index.php?dbhcms_pid=-80&deletemenu=9 can delete any menu. |
| Magento, Openmage | Magento, Openmage Long Term Support | Jun 17, 2026 | Aug 20, 2020 | v4 N/A · v3 8.0 HIGH · v2 4.0 MEDIUM | OpenMage LTS before versions 19.4.6 and 20.0.2 allows attackers to circumvent the `fromkey protection` in the Admin Interface and increases the attack surface for Cross Site Request Forgery attacks. This issue is related... |
| | | | | | In Play Framework 2.6.0 through 2.8.1, the CSRF filter can be bypassed by making CORS simple requests with content types that contain parameters that can't be parsed. |
| Expresstech | Quiz And Survey Master | Nov 21, 2024 | Aug 16, 2020 | v4 N/A · v3 6.5 MEDIUM · v2 4.3 MEDIUM | php/qmn_options_questions_tab.php in the quiz-master-next plugin before 4.7.9 for WordPress allows CSRF, with resultant stored XSS, via the question_name parameter because js/admin_question.js mishandles parsing inside o... |